BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.22
BEGIN:VEVENT
DESCRIPTION: '\n\n\n Lost and Found Certificates: dealing with residual
certificates for\n pre-owned domains\n\n Sunday at 13:30 in Track 2\n
20 minutes | Demo\, Tool\n\n Ian Foster Hacker\n\n Dylan Ayrey Hack
er\n\n When purchasing a new domain name you would expect that you are t
he\n only one who can obtain a valid SSL certificate for it\, however th
at\n is not always the case. When the domain had a prior owner(s)\, even
\n several years prior\, they may still possess a valid SSL certificate\
n for it and there is very little you can do about it.\n\n Using Certi
ficate Transparency\, we examined millions of domains and\n certificates
and found thousands of examples where the previous owner\n for a domain
still possessed a valid SSL certificate for the domain\n long after it
changed ownership. We will review the results from our\n ongoing large s
cale quantitative analysis over past and current\n domains and certifica
tes. We'll explore the massive scale of the\n problem\, what we can do a
bout it\, how you can protect yourself\, and a\n proposed process change
to make this less of a problem going forwards.\n\n We end by introducin
g BygoneSSL\, a new tool and dashboard that shows\n an up to date view o
f affected domains and certificates using publicly\n available DNS data
and Certificate Transparency logs. BygoneSSL will\n demonstrate how wide
spread the issue is\, let domain owners determine\n if they could be aff
ected\, and can be used to track the number of\n affected domains over t
ime.\n\n Ian Foster\n Ian enjoys researching systems and networking pr
oblems and solutions\n in an effort to make the world more secure. He ha
s published research\n papers analyzing the new gTLD land rush and crawl
ing and parsing most\n WHOIS records. From demonstrating how insecure af
termarket OBD\n "dongles" can be used to compromise and take over automo
biles\; to\n measuring the paths an email traverses online with encrypti
on in an\n effort to increase integrity\, authenticity\, and confidentia
lity\; and\n more. During the day Ian is a Security Engineer fighting fo
r the\n users.\n\n Dylan Ayrey\n Dylan is a security engineer\, who
in his free time authors lots of\n open source projects\, such as truffl
eHog. He graduated college in 2015\n and has been working in security ev
er since.\n\n '\n\n
DTEND:20180812T205000Z
DTSTART:20180812T203000Z
LOCATION:DEFCON - Track 2
SUMMARY:Lost and Found Certificates: dealing with residual certificates for
pre-owned domains
END:VEVENT
END:VCALENDAR